Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-75553 | UBTU-16-010690 | SV-90233r2_rule | Medium |
Description |
---|
If cached authentication information is out-of-date, the validity of the authentication information may be questionable. |
STIG | Date |
---|---|
Canonical Ubuntu 16.04 LTS Security Technical Implementation Guide | 2018-07-18 |
Check Text ( C-75257r2_chk ) |
---|
Verify that Pluggable Authentication Module (PAM) prohibits the use of cached authentications after one day. Note: If smart card authentication is not being used on the system this item is Not Applicable. Check that PAM prohibits the use of cached authentications after one day with the following command: # sudo grep -i "timestamp_timeout" /etc/pam.d/* timestamp_timeout=86400 If "timestamp_timeout" is not set to a value of "86400" or less, or is commented out, this is a finding. |
Fix Text (F-82181r2_fix) |
---|
Configure Pluggable Authentication Module (PAM) to prohibit the use of cached authentications after one day. Add or change the following line in "/etc/pam.d/common-auth" or "/etc/pam.d/common-session" just below the line "[pam]". timestamp_timeout = 86400 |